rxbn_
/
auth.rxbn.de
1
0
Fork 0
Code Releases Activity
auth.rxbn.de/bin/web/routes/static.js

177 lines
4.0 KiB
JavaScript
Raw Blame History

/*
* This file is part of the authRXBN single sign-on package.
*
* (c) Ruben Meyer <contact@rxbn.de>
*/
express = require('express');
route = express.Router();
asyncer = require('express-async-handler');
fs = require('fs');
path = require('path');
var cfg = require(global['__dirname']+'/bin/config');
let getRoutes = async () => {
let db = global['requireModule']('database');
await db.connect();
/**
* main page
* @url /
* @method all
*/
route.all('/', asyncer(async (req, res, next) => {
// TODO: show login page or dashboard
// res.end('login or dashboard');
apps = await db.getApps();
res.render('index', {
session: req.session,
apps: apps.reply,
cfg: cfg
});
}));
/**
* login page or apprequest page
* @url /
* @method GET
*/
route.get('/authenticate', asyncer(async (req, res) => {
if(req.session) {
// if there isnt an apprequest
if(!req.session.appRequest)
req.session.appRequest = {}; // TODO: data
}
// query apps
apps = await db.getApps();
// set appId in appRequest
if(req.query.appId) {
if(req.query.appId && typeof req.query.appId == "string") {
// req.query.appId
// verify appId (if in rep)
req.session.appRequest.appId = req.query.appId;
// TODO: on accept, setAuthCode and redirect with token
// on cancel, redirect to dashboard
}
}
// if user is logged in, show request page
if(req.session && req.session.user) {
res.render('request', {
session: req.session,
appRequest: req.session.appRequest,
apps: apps.reply,
cfg: cfg
});
// if user isnt logged in, show login page
} else {
if(!req.query.appId) req.session.appRequest = {};
let view_obj = { session: req.session };
if(req.query.appId) {
apps.reply.forEach((app) => {
if(app._id == req.query.appId)
view_obj["login_title"] = "Login to use "+app.name+" via authRxbn"; // appRequest app name
})
}
res.render('login', view_obj);
}
}));
/**
* all other routes
* @url /*
* @method all
* @TODO comments
*/
route.all('/*', asyncer(async (req, res, next) => {
// passthrough to next route
if(req.path.startsWith('/api'))
return next();
if(req.path == "/request") return res.render('error/404');
let pathRules = require("./rules");
let group = "anon";
if(req.session && req.session.user) {
group = "user";
if(req.session.user.group == 999) group = "admin";
}
pathRules.forEach((rule) => {
if(rule.rule == "block") {
if(group == rule.group) {
let regex = new RegExp(rule.expression, "g");
if(regex.test(req.path)) {
if(rule.type == "404") {
global['logs'].info("[web] (404) path not found: "+req.path);
return res.status(404).render('error/404', {
error_code: 404,
error_msg: 'msg.request.file.not_found',
session: req.session,
cfg: cfg
});
} else if(rule.type == "missing_permission") {
return res.status(401).render('error/permission', {
error_code: 401,
session: req.session,
cfg: cfg
});
} else if(rule.type == "login") {
return res.status(401).render('error/login', {
error_code: 401,
session: req.session,
cfg: cfg
});
} else {
return res.status(401).render('error/error', {
error_code: 401,
session: req.session,
cfg: cfg
});
}
}
}
}
});
let dir = global['__dirname'] + '/bin/web/views';
let path_j = path.join(dir, req.path.toLowerCase());
if(fs.existsSync(path_j+'.pug')) {
return res.render(req.path.replace(/^\//, ''), {
session: req.session,
apps: apps.reply,
cfg: cfg
});
} else {
global['logs'].info("[web] (404) path not found: "+req.path);
return res.status(404).render('error/404', {
error_code: 404,
error_msg: 'msg.request.file.not_found',
session: req.session,
cfg: cfg
});
}
// TODO: try to login
// TODO: role-based authorization
// TODO: show login page or page
}));
return route;
};
module.exports = {
getRoutes: getRoutes
};
View Git Blame Copy Permalink